PERFORCE change 148468 for review
Robert Watson
rwatson at FreeBSD.org
Mon Aug 25 22:46:45 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148468
Change 148468 by rwatson at rwatson_fledge on 2008/08/25 22:46:29
Update.
Affected files ...
.. //depot/projects/trustedbsd/www/audit.page#8 edit
Differences ...
==== //depot/projects/trustedbsd/www/audit.page#8 (text+ko) ====
@@ -1,5 +1,5 @@
<!--
- Copyright 2005-2006 Robert N. M. Watson
+ Copyright 2005-2008 Robert N. M. Watson
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -25,51 +25,42 @@
-->
<page role="audit">
- <title>Security Event Audit</title>
+ <title>Security Event Auditing</title>
<cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
<cvs:keyword name="freebsd">
- $P4: //depot/projects/trustedbsd/www/audit.page#7 $
+ $P4: //depot/projects/trustedbsd/www/audit.page#8 $
</cvs:keyword>
</cvs:keywords>
<section>
- <title>TrustedBSD Security Event Audit</title>
+ <title>TrustedBSD Security Event Auditing</title>
<html>
- <p>
- <span id="collection-label">Perforce:</span>
- <span id="cvsup-collection">//depot/projects/trustedbsd/audit3/...</span>
- </p>
- <p>
- <span id="collection-label">Collection:</span>
- <span id="cvsup-collection">p4-cvs-trustedbsd-audit3</span>
- </p>
- <p>Event auditing permits the selective and fine-grained logging of
- security-relevant system events for the purposes of post-mortem
- analysis, intrusion detection, and run-time monitoring.
- analysis. This includes the logging of authentication events, user
- management events, and detailed logging of access control events,
- including the ability to log system calls based on user and event
- class.</p>
+ <p>Security event auditing permits the selective and fine-grained
+ logging of security-relevant system events for the purposes of
+ post-mortem analysis, intrusion detection, and run-time monitoring.
+ This includes the logging of authentication events, user management
+ events, and detailed logging of access control events, including the
+ ability to log system calls based on user and event class.</p>
- <p>The trustedbsd_audit3 implementation is the third generation
- security audit implementation implemented by the TrustedBSD Project,
- and is derived from work performed by members of the TrustedBSD team
- working at McAfee Research under contract to Apple Computer, Inc.,
- in support of the Mac OS X CAPP evaluation. The audit3 code base
- includes a kernel audit event engine, auditing of system calls
- across all native and emulated ABIs, modifications to several user
- space components, including login-related programs such as login and
- sshd, audit print and reduction tools, audit management daemon,
- "audit pipes" for live application monitoring of system events, and
- an audit support library.</p>
+ <p>The TrustedBSD audit implementation is present in FreeBSD 6.2 and
+ later, and there is continuing development work to expand its
+ feature set. The current implementation is derived from the Mac OS
+ X audit implementation created by McAfee Research under contract to
+ Apple Computer, Inc. in support of the Mac OS X CAPP evaluation.
+ The TrustedBSD implementation has been substantially enhanced to add
+ new features, such as audit pipes allowing applications to attach
+ directly and selectively to the live event stream.</p>
- <p>As of FreeBSD 6.2-RELEASE, audit support is included in the base
- FreeBSD distribution, and further development of the kernel
- implementation will take place in the FreeBSD CVS repository rather
- than Perforce.</p>
+ <p>The audit implementation includes a kernel audit event engine,
+ auditing of system calls across all native and emulated ABIs,
+ modifications to several user space components, including
+ login-related programs such as login and sshd, audit print and
+ reduction tools, audit management daemon, "audit pipes" for live
+ application monitoring of system events, and an audit support
+ library.</p>
<p>The file format and API are based on Sun's published Basic Security
Module (BSM), the de facto industry standard, and are provided via a
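Review bot: The two added paragraphs in this hunk describe audit pipes twice: first as "audit pipes allowing applications to attach directly and selectively to the live event stream", then again in the component list as '"audit pipes" for live application monitoring of system events'. Keep the fuller description in one place and drop the other. The carried-over component list still reads "audit management daemon" without an article; "an audit management daemon" would match the neighbouring "an audit support library". The hunk also deletes both the Perforce/collection spans and the sentence stating that kernel development continues in the FreeBSD CVS repository, so the page no longer says where the source lives; consider keeping one sentence that points to it. A change description more specific than "Update." would make the title rename and the paragraph rewrite easier to find later.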